303

Corruption and FraudDetection by SupremeAudit Institutionsk e n n e t h m . d y e

10

This chapter examines the fraud and corruption issues confrontingsupreme audit institutions (SAIs) and offers some strategies and

ideas for improving SAI performance in detecting fraud and corrup-tion. Some SAIs have already tested some of these strategies, withconsiderable success. For other SAIs they may be new ideas that canhelp them contain fraud and corruption in their countries.

The chapter is written for SAIs, with the hope that it willgenerate debate at the International Congress of Supreme AuditInstitutions and cause a change in auditing emphases by SAIs—sooner rather than later. It is also written for government officialsand legislators concerned about good governance, accountability,transparency, and probity, particularly in countries where fraudand corruption are well embedded in the local culture. The ideasand strategies expressed in this chapter could be the subject ofdonor support to countries where fraud and corruption interferewith good governance.

The Rise in Fraud and Corruption

Fraud and corruption have devastating effects, especially on thepoorest citizens of developing countries. Corruption has no borders

and has spread worldwide, even to countries once considered “clean.” Publicsector bribery, fraud, and corruption have become leading concerns forlegislators around the globe, as the diversion of public funds undermines par-liamentary control of the public purse. This diversion of public monies robspublic policies of resources to do the good they were intended to finance.

Corruption makes no economic distinctions and infects all forms ofgovernment. No country can afford to sustain the social, political, or eco-nomic costs that corruption entails. Corruption erodes public confidence inpolitical institutions and leads to contempt for the rule of law, it distorts theallocation of resources and undermines competition in the marketplace, andit has a devastating effect on investment, growth, and development. It alsoexacts a disproportionately high price on the poor by denying them accessto vital basic services.

Detailed rules and norms of behavior govern the behavior of civil servantsin developing countries. But the process of corruption is so invisible that itleaves little documentary evidence. Despite knowledge of the fact that thereis widespread corruption in government departments, state audit has notplayed any effective role to forestall it, except in a few developing countries,notably China. The cases of corruption that come to light are hardly evertaken serious note of. Partly for this reason, society has gradually becomemore tolerant of corruption. Responsibility is borne by small fries, with thebig fish remaining untouched. This has a demoralizing effect on auditors,who believe that it is pointless to detect or report corruption in a society inwhich accountability is weak.

In developing countries it is common for SAIs to report unauthorizedexpenditures, waste of public funds, abuse of procedures resulting in lossesto the public treasury, and so forth. These institutions are well respected fortheir independence and even feared, curbing initiative and encouragingavoidance of decisions. However, audit staff often tend to take a clericalapproach, demanding strict compliance with procedures while often miss-ing the objective of the procedures. Minor aberrations and misuse of fundsare highlighted, while major systemic failures resulting in large losses to thepublic treasury go unidentified. Audit officers and staff need training todetermine what is significant enough to warrant reporting and training forgovernment officials and staff on public procurement concepts, objectives,processes, and their rationale.

There is an increasing desire among legislators to take the initiative incontrolling bribery, fraud, and corruption. This is a difficult challenge, par-ticularly for legislators who lack the institutional support, knowledge, andexperience to achieve the conditions necessary to hold their governments to

304 Kenneth M. Dye

account. The supreme audit community cannot remain indifferent to thespecial difficulties faced by legislators laboring within the context of corrupt,and often ruthless, regimes.

In recent years major donors have concluded that strengthening thegovernance capacity of weak nations is a good strategy to supportimproved accountability, transparency, and probity. Good governance isa strong antidote to corruption and fraud. Donors can bolster good gov-ernance by promoting acceptance of international accounting and auditingstandards. Legislators and SAIs should unite in support of internationalstandards for accounting and auditing. These standards, promulgated bythe International Accounting Standards Board and the InternationalFederation of Accountants, are now available for the public sector as wellas the private sector. The International Organization of Supreme AuditInstitutions also provides useful audit and internal control guidance to SAIs.

The Need for a Change in Audit Emphasis

Public sector fraud and corruption thrive when accountability and transparencyare absent. Good financial reporting and auditing help reduce the misrepre-sentation that hides fraudulent operations and misleads the reader. Auditingprovides the desirable assurance that audited financial statements can betrusted to represent the economic activities they are intended to portray. SAIscan make a constructive difference by auditing the financial statements ofgovernments and government agencies and making their audit opinionsavailable to legislatures on a timely basis.

There is a gap between stakeholder expectations and audit mandates forSAIs. Traditionally, SAIs have agreed that the primary responsibility for pre-venting and detecting corruption rests with the administrative authorities,such as the police or anticorruption agencies. SAIs have not seen fraudand corruption busting as their main goal; the approach has been to preventcorruption in the field rather than detecting illegal activities. The public,however, believes that SAIs seek to detect fraud and corruption.

This gap needs to be addressed by the SAIs, which should put moreemphasis on detecting fraud and corruption to shrink the expectation gap.They should continue to play an active role in raising awareness of the risksof fraud and corruption and fostering good governance and standards ofconduct, but they should go further and focus more on detecting fraud andcorruption. This can be done by combining controls audit procedures withfinancial attest audit procedures.

Corruption and Fraud Detection by Supreme Audit Institutions 305

It is easier to prevent fraud and corruption than to detect it. SAIs have beencreating and fostering a preventive environment against fraud and corruption,including strengthening financial management systems, evaluating internalcontrol systems, and identifying and correcting weaknesses. Today there iswidespread growth in white-collar crime, including both fraudulent financialreporting and misappropriation of asset schemes. Racketeering and terroristgroups often rely on money laundering schemes to finance and disguise theiractivities. It is time to consider shifting audit emphasis to audit techniquesdesigned to detect fraud and corruption,as well as prevent this scourge on soci-ety. This chapter is not recommending that SAIs go so far as to usurp the roleof anticorruption agencies.Within the scope of their audit work, however, theyshould be more vigilant and capable of detecting fraud and corruption.

When giving an audit opinion on financial statements, it is the customof SAI auditors to ask the reader of the opinion to assume that all the inter-nal controls are functioning appropriately if nothing specific about controlsis mentioned by the auditor. In recent years, auditors have been confrontedwith new technologies with which to select samples to examine, as well asnew rules and regulations on appropriate accounting methods. Theserequirements have drawn their attention away from the basics of evaluatingand testing the functionality of internal controls. Moreover, because there isno requirement in financial attest audit standards to report specifically onthe internal controls present, the auditor remains silent and places lessemphasis on this important audit area.

It is time for public sector auditors to consider giving an opinion onwhether or not the internal controls present are appropriate and sufficient toensure that the systems support the accuracy and fairness of the financial sys-tems and that fraud and corruption opportunities are minimized. In the con-duct of a financial attest audit, public sector auditors could now be providing

� an evaluation of the effectiveness of internal control over financialreporting against a suitable control framework;

� evidence providing reasonable support for the evaluation of the effec-tiveness of internal control over financial reporting;

� reports of material weaknesses in internal control over financialreporting; and

� an audit of internal control over financial reporting.

Doing so requires a change in the public sector auditors’ standard opinionto include a statement that the auditors have examined the internal controlsand found them sufficient and functioning appropriately to support the

306 Kenneth M. Dye

accuracy of the figures stated in the financial statements and to safeguard theassets of the enterprise. Public sector auditors could opine on matters ofinternal control present in the enterprise that

� pertain to the maintenance of records that in reasonable detail accuratelyand fairly reflect the transactions and dispositions of the assets of theentity;

� provide reasonable assurance that transactions are recorded as necessaryto permit preparation of financial statements in accordance with theentity’s Generally Acceptable Accounting Principles and that receipts andexpenditures of the issuer are being made only in accordance withgovernment rules and regulations; and

� provide reasonable assurance regarding prevention or timely detection ofunauthorized acquisition, use, or disposition of the issuer’s assets thatcould have a material effect on the annual financial statements or interimfinancial statements.

SAIs could reasonably take the position that these requirements arethose of management, not the external auditor, but that would probably notsatisfy the needs of a Public Accounts Committee. (In the private sector, it isup to management to ensure that internal controls are effective.) Some SAIsmay resist adding this responsibility to their financial audit reports, as it isnot yet required by national or international standard setters. Another rea-son for not embracing this responsibility is the additional cost. There is nocost to stumbling upon breakdowns; detecting them is time consuming.Very few jurisdictions require an opinion on the state of controls. TheUnited States is one of them.

What Are Fraud and Corruption?

No precise international legal definition of fraud exists because these eventsare covered by national country acts; no international act exists. The term isused to describe deception, bribery, forgery, extortion, corruption, theft, con-spiracy, embezzlement, misappropriation, false representation, concealmentof material facts, and collusion. For practical purposes, and for this discussion,fraud may be defined as the use of deception with the intention of obtainingan advantage, avoiding an obligation, or causing loss to another party.

Fraud refers to a deliberate act that usually involves the use of deceptionto obtain some form of financial benefit or advantage from a position ofauthority or trust that often results in some form of loss to the organization

Corruption and Fraud Detection by Supreme Audit Institutions 307

defrauded. It refers to dishonesty in the form of an intentional deception ora willful misrepresentation of a material fact.

The word corruption comes from the Latin verb corruptus (to break); itmeans “broken object.” Conceptually, corruption is a form of behavior thatdeparts from ethics, morality, tradition, law, and civic virtue. The WorldBank and Transparency International treat corruption as the use of one’spublic position for illegitimate private gains. Abuse of power and personalgain, however, can occur in both the public and private domains, oftenthrough collusion by individuals from both sectors. The Lebanese, therefore,define corruption as the “behavior of private individuals or public officialswho deviate from set responsibilities and use their position of power inorder to serve private ends and secure private gains” (Kulluna Massoul1999). The United Nations Global Programme against Corruption definescorruption as the “abuse of power for private gain” and includes both thepublic and private sectors.

Although perceived differently from country to country, corruptiontends to include fraud, bribery, political corruption, conflict of interest,embezzlement, nepotism, and extortion. Examples of government opera-tions particularly vulnerable to corruption are travel claims; collection oftaxes and customs revenues; administration of procurement contracts;concessions of subsidies, permits, and licenses; hiring, administration ofpersonnel, and payroll systems; privatization processes; petty cash abuse;and e-commerce and Internet credit card transactions. Some of the mostcommon forms of corruption include misappropriation of assets, patronage,influence peddling, and bribery.

Transparency International attempts to measure corruption in a coun-try by using an index called the Transparency International Annual BribePayers and Corruption Perception Index. This index has some shortcomingsin that the number of intelligence-gathering points is not large in somecountries. However, it does provide some way of comparing corruptionacross countries, which can identify countries that should take action soonerrather than later.

The causes of corruption vary from one country to the next. Among thecontributing factors are faulty government and development policies, pro-grams that are poorly conceived and managed, failing institutions, inade-quate checks and balances, an undeveloped civil society, a weak (corrupt)criminal justice system, inadequate remuneration of civil servants, and a lackof accountability and transparency.

A serious impediment to the success of any anticorruption strategy is acorrupt judiciary. A corrupt judiciary means that the legal and institutional

308 Kenneth M. Dye

mechanisms designed to curb corruption, however well targeted, efficient,or honest, remain crippled. Mounting evidence is surfacing of widespreadjudicial corruption in many parts of the world, a trend that poses a majorchallenge for SAIs in the future.

The International Organization of Supreme Audit Institutions’Interest in Fraud and Corruption

The International Organization of Supreme Audit Institutions (INTOSAI)is the worldwide federation of SAIs. It hosts an international conferenceevery three years called the International Congress of Supreme Audit Insti-tutions (INCOSAI). The 16th INCOSAI, held in Montevideo, Uruguay, in1998 was devoted partly to preventing and detecting fraud and corruption.The conference looked at (a) the role and experiences of SAIs in preventingand detecting fraud and corruption and (b) methods and techniques forpreventing and detecting fraud and corruption.

The Uruguay INCOSAI agreed that corruption in government wastesresources, reduces economic growth and the quality of life, undermines thecredibility of state institutions, and reduces their effectiveness. It noted thestrong correlation between corruption and the weakening of state institu-tions. An understanding emerged that corruption is often linked to thesocioeconomic environment of the population (social injustice, poverty,violence) and that a country’s traditions, principles, and values influence thenature of corruption. While registering the gravity of the challenge posed bycorruption, the INTOSAI community also observed that it is difficult todetect many acts of corruption and to estimate their financial impact, whichdoes not necessarily get reported in financial statements.

The Uruguay INCOSAI adopted the following accords:

SAIs agree that fraud and corruption are significant problems affecting allcountries in varying degrees and that the SAIs can and should endeavor to cre-ate an environment that is unfavorable to fraud and corruption. As providedin the Lima Declaration adopted by INTOSAI in 1977, SAIs agreed that theyshould be independent and have adequate mandates that enable them to effec-tively contribute to the fight against fraud and corruption. It was also agreedthat, where possible, SAIs should:

1. seek an adequate level of financial and operative independence andbreadth of audit coverage;

2. take a more active role in evaluating the efficiency and effectiveness offinancial and internal control systems and aggressively follow up on SAIsrecommendations;

Corruption and Fraud Detection by Supreme Audit Institutions 309

3. focus audit strategy more on areas and operations prone to fraud andcorruption by developing effective high risk indicators for fraud;

4. establish an effective means for the public dissemination of audit reportsand relevant information including establishing a good relationship withthe media;

5. produce relevant audit reports that are understandable and user friendly;6. consider a closer cooperation and appropriate exchange of information

with other national and international bodies fighting corruption;7. intensify the exchange of experiences on fraud and corruption with other

SAIs;8. encourage the establishment of personnel management procedures for

the public service that select, retain, and motivate honest, competentemployees;

9. encourage the establishment of guidance for financial disclosure by publicservants, and monitor compliance as part of the ongoing audit process;

10. use the INTOSAI Code of Ethics to promote higher ethical standards anda code of ethics for the public service;

11. consider the establishment of a well-publicized means to receive andprocess information from the public on perceived irregularities; and

12. continue work regarding fraud and corruption through INTOSAI’s exist-ing committees and working groups; for example, the Auditing StandardsCommittee will consider these issues as part of developing implementationguidance as part of a broader standard framework (INTOSAI 1998).

While these recommendations may have been appropriate in 1998, it isbecoming apparent that more could and should be done to detect fraud andcorruption and that SAIs are well positioned to do so, including by opiningexplicitly on the state of internal controls.

Anticorruption Policies

Exposure to fraud and corruption can be mitigated if a government has a setof relevant anticorruption policies. SAIs should encourage adoption of anti-corruption policies for government and assist in the development ofantifraud programs.

SAIs can audit the implementation of the policy. Such a policy mightinclude features such as the following:

� All losses of money and allegations of offenses, illegal acts against thegovernment, and other improprieties must be fully investigated.

� Suspected offenses should be reported to the responsible law enforcementagency.

� Departments should ensure that employees are aware of and periodicallyreminded of their personal responsibility to report any knowledge of a

310 Kenneth M. Dye

contravention of government laws or its regulations, a contravention ofany revenue law, or any fraud against the government.

� Departments should take reasonable measures to protect the identity andreputations of both the people reporting offenses and improprieties andthe people against whom allegations are made.

� Departments should establish and ensure that employees are aware ofprocedures to deal with tips about alleged losses, offenses, improprieties,and improper practices, however obtained or received and whetheranonymous or otherwise.

� Managers who fail to take appropriate action or directly or indirectly tol-erate or condone improper activity should be personally held to account.

SAIs can test compliance with policies such as these to determine if the gov-ernment has enabled an appropriate anticorruption and antifraud regime tobe set up throughout government and audited by the SAIs.

Types of Audits

All audits begin with objectives, which determine the type of work to beperformed and the auditing standards to be followed. The types of work, asdefined by their objectives, are financial audits, compliance audits, controlsaudits, performance audits, forensic audits, and computer audits.

Audit engagements may have a combination of objectives, which mayinclude more than one type of work or have objectives limited to only someaspects of one type of work. International standards for audit work havebeen developed by INTOSAI and the International Federation of Accoun-tants (IFAC) and are being rationalized into a common set of standards.Many countries have their own auditing standards, but most are movingtoward the IFAC standards, known as the International Standards on Audit-ing. Public sector auditors should follow the standards that are applicable tothe individual objectives of the audit and to the jurisdiction.

Financial Audits

While financial audits sometimes reveal frauds, they often do not, becausethey are not designed to do so. It is possible to stumble upon fraud and cor-ruption while examining the financial records for purposes of providing anattest opinion. If auditors find fraud or corruption, they are bound to reporton the circumstances, albeit not necessarily in the audit opinion, which mightbe a clean opinion. The purpose of financial audits is to give assurance that

Corruption and Fraud Detection by Supreme Audit Institutions 311

the financial statements are not misleading and fairly present the economictransactions of the enterprise in accordance with an accounting framework.Detection of fraud is not a primary objective of financial auditing.

Compliance Audits

Fraud and corruption are often identified though compliance audits, whichare designed to ensure that laws, rules, and regulations are observed. Com-pliance audit objectives relate to compliance criteria established by laws,regulations, contract provisions, grant agreements, and other requirementsthat could affect the acquisition, protection, and use of the entity’s resourcesand the quantity, quality, timeliness, and cost of services the entity producesand delivers.

Nonobservance may indicate a fraudulent transaction, although notall cases of nonobservance are fraudulent. Some transactions identifiedcould reflect breakdowns in internal controls, not fraudulent transactions.Such findings would be reported to management. Tests can be designed toensure that enterprise financial policies are implemented in accordancewith expectations. Deviations would be reported to management. Wherea transaction or a series of transactions is revealed to be contrary to thelaw, such transactions are reported to management and possibly to anenforcement authority.

A Priori Audits

A form of compliance audit popular in Latin countries is the a priori audit,which focuses on the legality of a transaction. Expenditures cannot beprocessed until an a priori auditor signs off on each document as to itslegitimacy, legality, and completeness. In recent years a priori auditing hasbecome synonymous with real-time auditing, in which transactions areexamined in real time offline for legitimacy, legality, and completeness.The focus is on transactions, not systems.

Controls Audits

Controls audits are designed to ensure that appropriate controls over systemsand software are in place to ensure that internal controls and internal checksare functioning as designed. Controls audits can have features built intothem to ensure that fraudulent truncations are flagged or made difficult, if not

312 Kenneth M. Dye

impossible, to transact. Controls audits provide assurance that controls areworking, but they do not necessarily detect fraud or corruption.

Internal controls audit objectives relate to management’s plans, methods,and procedures used to meet the organization’s mission, goals, and objec-tives. Internal control includes planning, organizing, directing, and control-ling program operations and the systems put in place to measure, report, andmonitor program performance.

Performance Audits

Performance audits aim to provide information and assurance about thequality of the management of public resources. They assess the economy,efficiency, and effectiveness of the management of public sector entities byexamining resource use, information systems, delivery of outputs, and out-comes, including performance indicators, monitoring systems, and legal andethical compliance.

Performance audits are designed to compare operational performanceagainst norms and predetermined criteria. They can therefore be designedto include some references to laws and regulations and to assist in identify-ing fraud and corruption. Because performance audits focus on operationalissues, especially in high-risk areas, it is not uncommon for auditors tonotice some activities that are not in accordance with rules and regulations.Thus, although performance audits are not designed to identify fraud andcorruption, these issues sometimes surface.

Forensic Audits

Forensic auditing and accounting include providing investigation and litigation support to corporations, government, and law enforcement agencies. They are relatively new in the public sector.

The increased use of computer technology to conduct criminal activitiespresents new challenges to the forensic accountant. Forensic auditors designtheir audits to gather evidence to prove the existence of fraud and corruption.The skills required to do this exceed the audit skills necessary to conduct afinancial or compliance audit.

Under some circumstances, laws, regulations, or policies require auditorsto report indications of certain types of fraud to law enforcement or investi-gatory authorities before extending audit steps and procedures.Auditors mayalso be required to withdraw from or defer further work on the engagement

Corruption and Fraud Detection by Supreme Audit Institutions 313

or a portion of the engagement in order not to interfere with an investiga-tion. The follow-on audit work is known as forensic auditing.

Computer Audits

Computer audits are designed to provide assurance that computer-generatedfinancial records are correctly entered so as to comply with the accountingpolicies and standards of an enterprise. Computer audits explore the risksassociated with equipment malfunction, system design errors, calculationcorrectness, and human error to provide assurance that the computer systemswill deliver accurate information. The audits can be designed to test whetherlaws, rules, and regulations are observed correctly, making a computer auditpotentially useful in detecting fraud and corruption.

Fraud Audit Standards

Encouraging auditors to shift emphasis to detecting fraud and corruptiondoes not change the audit standards. Fraud audit standards are very similarto financial attest audit standards, in that they are segregated into generalstandards of independence: qualifications, due professional care, and pro-fessional skepticism. Field standards include planning, knowledge of theentity, management representations, and audit risk. However, fraud auditstandards differ when it comes to communications with managementand reporting.

Detecting Fraud

Fraud is usually difficult to detect, because collusion occurs and transactionsare not recorded. Well-designed internal controls help prevent fraud. Audi-tors need considerable training to recognize fraud when it does occur.

Internal Auditors in Government

Internal audit is not well developed in many countries in the world; whereit is part of the culture, it is often underfunded in government. Internalauditing has thus not played the important role it should have in helpinggovernment managers manage better and improve systems of accountabil-ity. Seldom do SAIs rely on the work of government internal auditors, whosework has rarely been sufficiently reliable and whose activities are not focusedon the same areas as SAI audits.

314 Kenneth M. Dye

SAIs can foster the development of internal auditing in government bysharing their training capacity with the internal audit community in gov-ernment. The SAI can become the intellectual leader for internal auditors,even though they report directly to government departments. SAIs typicallyhave better audit methodologies than internal auditors, which could beshared with the internal audit community.

It would be very desirable to have the internal audit community in gov-ernment recognized for their expertise in financial management systems andtheir valuable contributions to management. In Canada the government hasrecognized that internal audit capacity has not been well maintained.Despite some weakness, internal auditors in the Department of NationalDefence found a Can$100 million contract fraud in which services were paidfor but not delivered. This good internal audit work, plus the internal auditwork done by the internal auditors at the Department of Public Works andGovernment Services identifying the sponsorship scandal (describedbelow), has educated the government on the value of good internal audit-ing. It will take some time before the internal audit communities in mostgovernments receive that much recognition.

Internal auditing in North America

In Canada the Office of the Auditor General revealed a federal sponsorshipscandal after two internal audit reports had been ignored by the government(Government of Canada 2003). The media got wind of the problem whenone of the internal auditors became a whistle-blower. The government calledin the auditor general to investigate in 2002. Her first report was a scathingdenunciation of abuse in which financial administration systems and ruleswere ignored. The explosive report used words such as “scandalous” and“appalling” to describe how the government abused the system.

The auditor general found that Can$100 million ($85 million) was paidto a variety of communications agencies in the form of fees and commis-sions and that the program was designed to generate commissions for thesecompanies rather than to produce any benefit for Canadians. She told thePublic Accounts Committee that officials in Canada’s Public Works Depart-ment and Government Services “broke just about every rule in the book”when it came to awarding contracts to a marketing agency. She foundinstances in which the government paid Can$550,000 ($440,000) for reportsthat did not exist.

A year later the auditor general went even further, tracking the flow offunds and assisting the national police. Additional abuses were revealed, andthe Public Accounts Committee held inconclusive hearings. The new prime

Corruption and Fraud Detection by Supreme Audit Institutions 315

minister set up a commission to investigate. The televised hearings and thereport of the commission engrossed Canadian taxpayers during much of 2005.In the end, several recipients of fraudulent funds pleaded guilty, went to jail,and provided some restitution. Most Canadians believe that the auditorgeneral’s report on the scandal played a major role in toppling the government,which fell following these revelations.

Recently, the media reported a large (more than Can$100 million[$85 million]) procurement fraud regarding software development in theDepartment of Defence, in which companies were apparently paid forwork not done (Bagnall and McGregor 2006). The fraud occurred despiterepeated management letters from the auditor general pointing out weak-nesses in the procurement processes.

Neither of the Canadian fraud reports arose from a financial audit. Bothwere originally identified by internal auditors.

In March 2003, the U.S. General Accounting Office (GAO) reported thatthe federal government’s accounting practices are unreliable and may notmeet widely accepted accounting standards. It reported that the informationin the consolidated financial statements could not be relied upon to expressan “opinion” because of deficiencies in accounting and reporting across theexecutive branch (GAO 2003).

In August 2005, the GAO (the name was changed to GovernmentAccountability Office on July 7, 2004) faulted a defense contractor’s per-formance in Iraq. The contractor had been awarded more than $10 billionin contracts. Auditors found significant cost overruns, the overcharging ofthe Defense Department by $61 million, illegal kickbacks, failure to police sub-contractors’ billing, and unauthorized expenses at the Kuwait Hilton Hotel.The GAO found that despite billions of taxpayer dollars spent on recon-struction efforts, oil and electricity production in Iraq remained belowprewar levels (GAO 2005).

Internal auditing in Europe

Britain’s National Audit Office reported that the government’s innovativeindividual learning account (ILA) failed because corners were cut, causing an£80 million ($200 million) training scandal. The ILA program collapsed afterministers rushed the program into place without a business plan, crafted animperfect contract, and used insecure information technology systems, all ofwhich contributed to fraud and abuse.

The European Union (EU) has suffered a number of highly public fraudand corruption scandals. A recent one involved funding diverted by thePalestinian Authority into the pockets of terrorists. Auditors allege thatmoney intended for use by the Palestinian Authority for legitimate purposes

316 Kenneth M. Dye

was siphoned off by corrupt officials to pay the wages of 7,000 nonexistentpublic servants.

European Court and internal auditors reported fraud in almost all EUinstitutions and all of its funding programs. Recently, 230 cases were sent tocourt for filing false expenses, submitting claims for work not done, evadingcustoms duties, misappropriating funds, and padding contracts to suppliers,leading to kickbacks (Mobray 2003).

Internal auditing in China and the Russian Federation

The Chinese National Audit Office (CNAO), which has targeted fraud andcorruption and sought out problems, has uncovered many instances offraud and corruption that were not picked up by financial attest audits.Almost Y 9.1 billion ($1.1 billion) was misused in 38 central governmentdepartments, through embezzlement and misuse of funds in departmentsrelating to hospitals, universities, water projects, highway construction, andscientific research. CNAO also reported that the lottery division of thenational sports body overpaid two of its own companies so much for print-ing and distributing lottery tickets in 2003 and 2004 that they turned prof-its of Y 558 million ($67 million) (China Daily 2005).

The Air Traffic Management Bureau of the General Administration ofCivil Aviation used Y 207 million ($25 million) of government money to cir-cumvent national regulations and buy an office building in Beijing. It thenpaid annual rent of Y 13.5 million ($1.6 million) to use the building.

According to China’s auditor general, “There are holes in the budgetmanagement system of some departments. They make use of their fundsto improperly make profits for themselves, and he commented that theCNAO audits in 2004 resulted in savings of Y 1 billion [$120 million]”(Liu Li 2005).

In the Russian Federation, the Audit Chamber has reported fraud andcorruption. In 2005 its chair reported that financial offenses uncovered byaudit amounted to Rub 77 billion ($2.7 billion) and that his office had issuedremedies that recovered Rub 1.5 billion ($50 million). The Audit Chamberalso exposed contractual underpricing worth $275 million for sulfur, gas, coal,and petrochemicals exported from the Russian Federation through theSouthern Customs Department in 2004–05 (Accounts Chamber of theRussian Federation 2005).

Whistle-Blowers

One of the most useful sources for finding fraud and corruption is informationprovided by whistle-blowers. Hotlines are being set up in some countries to

Corruption and Fraud Detection by Supreme Audit Institutions 317

make whistle-blowing convenient. In the past whistle-blowing was oftendone by using brown envelopes that could not be traced to the author. Inmany cases the whistle-blower simply spoke out to authorities. Speaking outhas led many whistle-blowers to be punished (box 10.1).

Ethics Programs and Hotlines

Two effective programs that can advance a fraud prevention agenda are ethicsprograms and hotlines. An ethics program addresses fraud and corruptionin a comprehensive fashion that goes beyond a simple code of conduct. Gov-ernments that want to help employees make the correct ethical choices relating

318 Kenneth M. Dye

B O X 1 0 . 1 The Risks of Whistle-Blowing

Paul van Buitenen, an internal auditor for the European Union, tried to bringhis concerns to his superiors at the European Commission. He was demotedfor his efforts. He went over the heads of his supervisors, taking his evidencedirectly to the European Court of Auditors. He was disciplined by his superi-ors and lost pay. Eventually, his evidence was supported and many senior EUofficials resigned (van Buitenen 2000).

Martha Andreasen claimed EU accounts were open to fraud. She foundherself facing discipline charges by the European Union. In 2002 she was sus-pended from her post as chief accountant after publicly declaring that theCommission’s accounts were faulty and open to fraud and abuse. Accordingto Andreasen, there was “very little documentation to support contracts,” “nocheck-up on accounting information,” “missing progress and final reports,” orsimply “no contract files” (Sumberg 2002).

Allan S. Cutler, an internal auditor in Canada, became concerned aboutthe blatant abuses of the system for the sponsorship program. He claimed hewas threatened with reprisals from his supervisor for having expressed con-cerns about the integrity of contract management within the sector. Cutler tes-tified that he was ordered to backdate contracts to match the dates appearingon requisitions, that appropriate signing authorities were not adhered to, andthat financial authorities had not been received from the client at the timecontracts were issued. While Cutler raised issues of contract manipulation andmanagement concerns, he did not allege any illegal activity. He identified thatissues were systemic in nature and warranted further examination. After hebrought his concerns to the attention of his superiors, his salary was frozenand he was no longer promotable. Eventually, his concerns were reviewed bythe auditor general and Cutler was vindicated. He unsuccessfully ran for Parliament in the next election (Cutler 2007).

to environmental, legal, and social decisions may consider establishing anethics program. Through courses, policies, ethics call lines, and other means,such programs help employees align bureaucratic practices with governmentvalues and beliefs.

One effective deterrent to fraud is a strong perception of being detected.A complaint or tip hotline can help strengthen the perception of detection,as calls are monitored and acted upon and the results publicized. Availableto constituencies both internal and external to the organization, thisdeterrent is valuable and relatively inexpensive. Outsourcing the phone lineto a third-party vendor provides the added benefit of ensuring there is noorganizational bias in its operations.

Ensuring that hotlines are not abused is critical. Disgruntled employeescan provide information that is damaging to a person who may have causedthe caller some distress. To avoid misuse of hotlines, they must be designedin such a way that sorts the wheat from the chaff, so that only legitimateissues are followed up. Much effort has to be made in designing the systemto ensure that complaints are not fictitious or frivolous. Psychologicallydesigned questions help auditors focus on legitimate claims.

Professional Bodies with Standards and Guidance for DetectingFraud and Corruption

Many bodies have promulgated standards and guidance to combat corrup-tion and fraud. These include the INTOSAI, IFAC, the Institute of InternalAuditors, the Institute of Forensic Auditors, and Transparency International.SAIs, which are already members of INTOSAI, should encourage membershipin all of these bodies where practical.

Government Agencies with Antifraud and Corruption Mandates

Many governments throughout the world have set up special agencies, inaddition to police forces, to combat fraud and corruption. Their maintasks are to find and prosecute companies and individuals engaged intransnational crime, cross-border crime, customs evasion, fraud, counter-feiting, tax evasion, organized crime, and other fraudulent activities. SAIscan be very helpful to these national anticorruption agencies if they haveevidence to support criminal charges. SAIs should be very careful in dealingwith such evidence, as improper handling may cause the evidence to bedeclared inadmissible in court.

Corruption and Fraud Detection by Supreme Audit Institutions 319

Reporting Fraud and Communicating with Management

The reporting standard does not change if auditors put more emphasis ondetecting fraud and corruption. Laws, regulations, or policies may requireauditors to report promptly to law enforcement or investigatory authoritiesindications of certain types of fraud, illegal acts, violations of provisions ofcontracts or grant agreements, or abuse. In such circumstances, they shouldask those authorities, legal counsel, or both if publicly reporting certaininformation about the potential fraud would compromise investigative orlegal proceedings. Auditors then limit their public reporting to matters thatwould not compromise those proceedings, such as information that isalready part of the public record.

Reporting fraud requires auditors to address the effect that fraud or ille-gal acts may have on the financial attest audit report. It is important that thePublic Accounts Committee or others with equivalent authority and respon-sibility are adequately informed about fraud or illegal acts. When auditorsdetect minor, but reportable, violations of provisions of contracts or abusethat is not material from a financial attest perspective, they usually commu-nicate the findings in a management letter to officials of the audited entity.If the auditor’s report discloses deficiencies in internal control, fraud, illegalacts, violations of provisions of contracts or grant agreements, or abuse,auditors should obtain and report their views to responsible officials.

Recommendations for Improving SAI AnticorruptionPerformance

SAIs can take many actions to improve their anticorruption and fraud per-formance. Many progressive SAIs are already doing the following:

� Making more courses and conferences on combating fraud and corruption� Strengthening investigative powers� Establishing forensic audit units� Establishing fraud auditing standards� Encouraging more professional designation� Supporting Transparency International� Supporting and cooperating with national antifraud agencies� Encouraging ethics and fraud awareness training programs� Encouraging ministries, departments, and agencies to create fraud

control plans

320 Kenneth M. Dye

� Encouraging ministries, departments, and agencies to contract-out fraudcontrol (hotlines, fraud risk assessment, fraud training, fraud controlplan, and fraud investigation) if resources are unavailable in-house

� Encouraging lawmakers to pass whistle-blower legislation to protect peo-ple who provide legitimate information to public control agencies.

Much more can be done in SAIs that have not amended theirapproaches to fraud and corruption in recent years.

ReferencesAccounts Chamber of the Russian Federation. 2005. “Address of Chairman of Accounts

Chamber of the Russian Federation, Mr. Sergey V. Stepashin, January 27, 2005.”Bulletin No. 3. Moscow.

Bagnall, James, and Glen McGregor. 2006. “Inside Job.” Ottawa Citizen, March 12.China Daily. 2005. “Report of Li Jinhua, Chairman of the Chinese National Audit Office

to the Standing Committee of China’s National Peoples Congress.” Beijing, June 28.Cutler, Allan S. 2007. The Whistleblower Speaks—The Sponsorship Scandal. Ottawa,

Ontario, Canada: AS Cutler and Associates.GAO (U.S. Government Accountability Office). 2003. “Truth and Transparency of the

Federal Government’s Financial Condition and Financial Outlook.”Address by DavidM. Walker, Comptroller General of the United States, to the National Press Club,September 17, Washington, DC. Available at www.gao.gov/cghome/2003ngc917.pdf.

———. 2005. “Rebuilding Iraq: Actions Needed to Improve the Use of Private SecurityContractors.” GAO Report 05-737. Washington, DC. Available at www.gao.gov/newitems/d05737.pdf.

Government of Canada. 2003. 2003 Reports of the Auditor General of Canada. Chapters 3,4, and 5. Ottawa. Available at www.oag-bvg.gc.ca/domino/reports.nsf/html/03menu_e.html.

INTOSAI (International Organization of Supreme Audit Institutions). 1998. Reports andproceedings of the 16th International Congress of Supreme Audit Institutions, Monte-video,Uruguay,November.Available at www.nao.org.uk/intosai/edp/reportindex.html.

Kulluna Massoul. 1999. Lebanon Anti-corruption Initiative Report. Washington, DC: U.S.Agency for International Development.Available at www.kullunamassoul.org.lb/general/report/Final.doc.

Liu Li. 2005. China Daily, June 26.Mobray, C. 2003. “Fraud against European Union Totaling More than Half a Billion

Pounds Have Been Uncovered in the Past Year.” EU Weekly News, November 30.Sumberg, David. 2002. “Tories Fight Labour over Firing of EU Whistleblower.” Posted

online October 28. Available at www.davidsumberg.com/eu_whistleblower.htm.van Buitenen, Paul. 2000. Blowing the Whistle: One Man’s Fight against Fraud in the

European Commission. London: Politico’s.

Corruption and Fraud Detection by Supreme Audit Institutions 321